On Tue, 2023-09-12 at 16:13 +0530, Amit Kapila wrote:
> Do we want to remove
> that as anyway, we will do that check via walrcv_connect()?
I think we should keep the DDL-time checks in place as a best-effort,
but not rely on them for security.
> Another point is that if we want to unify such a check at the time of
> walrcv_connect() then do we need to do it at the time of Alter
> Subscription? I think it will probably be better to catch the problem
> early
Agreed. Catching mistakes at DDL time is a better user experience.
> but does removing it from Alter Subscription time and doing it
> at connect time lead to security hazards?
We'd still be doing the same check, just later, right? If so there's
not a big security risk in removing the DDL-time checks. But it's
probably not a good idea to have non-superuser-owned subscriptions
without a password specified, so there may be some hazard there.
>
Regards,
Jeff Davis
